package tgc.edu.yzy.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import tgc.edu.yzy.service.CustomUserService;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
	@Autowired
	private CustomUserService customUserService;

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.userDetailsService(customUserService)  	//设置用什么去查找用户
			.passwordEncoder(new BCryptPasswordEncoder()); //设置用什么去对密码加密，在spring boot 2.0这个是必须的
		auth.inMemoryAuthentication().withUser("aaa").password("{noop}1234").roles("ADMIN");   
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	 	http.csrf().disable();
	 	http.headers().frameOptions().disable();//解决不允许加载iframe问题解决
		http.formLogin()
				.loginPage("/login").permitAll()
				//设置默认登录成功跳转页面
                .defaultSuccessUrl("/interim")
                .failureUrl("/login?error");
		
        http.authorizeRequests().antMatchers("/static/**").permitAll();
        http.authorizeRequests().antMatchers("/webjars/**").permitAll();
        http.authorizeRequests().antMatchers("/admin/book/download").permitAll();
        http.authorizeRequests().antMatchers("/CheckCode").permitAll();
        http.authorizeRequests().antMatchers("/head").permitAll();
        http.authorizeRequests().antMatchers("/index").permitAll();
        http.authorizeRequests().antMatchers("/").permitAll();
        http.logout().logoutUrl("/logout").permitAll();
        http.authorizeRequests().anyRequest().authenticated();

	}

}
